Chad
Wed Apr 14 01:51:13 CDT 2004
We're definitely getting close to having all the kinks worked out . . .
As for user profiles, you don't necessarily get a '.domain' behind every
domain profile. For example, let's say you have a domain user ( john.doe).
The first time John logs on to a W2k / XP workstation, Windows creates a
profile path under Documents & Settings. It first tries to create a folder
using just the username (e.g. john.doe) - if a folder with that name already
exists (maybe a local user with the same name, profile from previous domain,
etc.), it will then try username.domain (e.g. john.doe.company). If that
already exists, it will try username.000. If that exists, it will then try
username.001 and so on until it can create a new unique folder for the
profile. So, just because you don't see .domain behind a profile folder
doesn't mean you don't have a profile for that domain user. Make sense?
On to shares . . . Ok, the share you created - did you share an existing
folder, or create a new folder then share it? On your server, open the
properties for this folder, and ensure that you have proper permissions both
under Share Permissions and under the Security tab. If you don't have
necessary permissions under both, you won't be able to access the share.
Adding domain users to workstations: You don't have to do anything special
there. All users have to do is log in. Granted, the first time they log
in, they may have to set up Outlook to use Exchange, but nothing too
difficult by any means . . . :^)
As for roaming profiles, I'm not a big fan of them - especially in any sort
of mixed environment. What you can do with SBS2k & SBS2k3 is to use Folder
Redirection instead of Roaming Profiles. This let's you redirect key
folders from a user's profile to a location on your server. At a minimum I
would recommend redirecting users' My Documents folder - for two reasons.
1) this puts their My Documents on the server, which means they get backed
up with the rest of the server every night. 2) When users do log in on a
different PC, they still have access to their My Documents folder.
Additionally, you can also redirect users' Application Data, Startup &
Desktop folders as well. SBS2k3 provides a wizard to redirect users' My
Documents folder - Open Server Management, click on Backup, and on the left
is a link for "Configure My Documents Redirection". If you want to redirect
Application Data, Startup and/or Desktop folders, you'll have to do that via
Group Policies, but it's pretty straight forward . . .
If you need anything else, just post back. :^) HTH!
--
Chad A. Gross - SBS MVP
SBS ROCKS!
rcunningham8820 wrote:
> Ok, great I'll ignore those errors, thank you for the article!
>
> Yes, the server is now setup with ad, exchange, isa, Symantec
> Antivirus SBS, Backup Exec! Everything is working reasonably
> well...wait, hurry, backup!!! :O)
>
> I'm able to access web and email from the clients fine, (haven't
> tackled VPN yet). I'll refrain from accessing the web and such from
> the server.
>
> I'm having another problem but I don't really know what to call it. I
> setup a share on the server, gave my domain account full access to it
> and setup my user account to mount it as M upon login. That works,
> drive M:\ shows up in My Computer on my Windows 2000 Pro workstaion
> but when I double-click the icon it says "M:\ is not accessible".
> When I explore I notice the user profile under the Documents and
> Settings folder is not followed by a ".domain". What am I doing wrong?
> I notice there is a Administrator.xyz profile I'm guessing was
> created with the SCW disk. Do you have to run SCW for each user
> account you add to the computer? I am logging on to the domain and
> not local. Do you have any urls that can tell me the correct way to
> add domain users/profiles to workstations? I haven't been able to
> find anything good.
>
> If we are going to have users mainly use one computer and not other
> computers is there any other benefit to roaming profiles? The
> organization will have all Windows 2000 workstations with the
> acception of a couple XP Pros.
>
> I really do appreciate your help Chad, SBS wouldn't rock without you!
>> O)
>
> I hope I've explained where it makes sense!
>
>
> "Chad A. Gross [SBS MVP]" <chad.gross@laytonflower.nospam.com> wrote
> in message news:<ezfWnnbIEHA.3720@tk2msftngp13.phx.gbl>...
>> Ok -
>>
>> All of those error can be ignored - that's just SBS tripping over
>> it's own
>> feet as it starts up. (The Exchange services are calling AD during
>> startup,
>> but AD hasn't completely loaded yet, since Exchange is running on
>> our only
>> DC) . . .
>>
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322837
>>
>> As for running Windows Update from the server, it's usually best to
>> stop
>> your Exchange & SQL services first - that will greatly increase your
>> success
>> rate and minimize unwanted side-effects.
>>
>> As for posting to the newsgroup via the web interface, are you
>> trying to
>> post from the server or a workstation? Best practice is not to
>> browse from
>> the server . . . On a slightly related topic, have you installed the
>> firewall client on the workstations? (I'm assuming you have ISA
>> installed
>> since you indicated you needed to set the browser to use port 8080)
>> . . .
>>
>> --
>>
>> Chad A. Gross - SBS MVP
>> SBS ROCKS!
>>
>> rcunningham8820 wrote:
>>> Thank you for your help Chad, I'm making some progress. I've
>>> reinstalled SBS and tried my best to follow the wizards and the docs
>>> you referred me to. I have ISA loaded and plan on using it. Two
>>> nics
>>> in the server, configured one for the internal network and one for
>>> the
>>> Interent. I've got a workstation pulling up web pages through the
>>> SBS (that was a stupid mistake...client wasn't configured to use
>>> port 8080). I've yet to tackle VPN. I'm getting hung up with some
>>> services that don't start, the first few messages in event log:
>>>
>>> Event Type: Error
>>> Event Source: MSExchangeDSAccess
>>> Event Category: Topology
>>> Event ID: 2104
>>> Date: 4/13/2004
>>> Time: 12:25:57 PM
>>> User: N/A
>>> Computer: ARMSTRONG1
>>> Description:
>>> Process INETINFO.EXE (PID=1516). All the DS Servers in domain are
>>> not
>>> responding.
>>>
>>> Event Type: Error
>>> Event Source: MSExchangeDSAccess
>>> Event Category: Topology
>>> Event ID: 2102
>>> Date: 4/13/2004
>>> Time: 12:26:01 PM
>>> User: N/A
>>> Computer: ARMSTRONG1
>>> Description:
>>> Process MAD.EXE (PID=1280). All Domain Controller Servers in use are
>>> not responding:
>>> armstrong1.armstronginc.local
>>>
>>> Event Type: Error
>>> Event Source: MSExchangeAL
>>> Event Category: Service Control
>>> Event ID: 8250
>>> Date: 4/13/2004
>>> Time: 12:26:03 PM
>>> User: N/A
>>> Computer: ARMSTRONG1
>>> Description:
>>> The Win32 API call 'DsGetDCNameW' returned error code [0x862] The
>>> specified component could not be found in the configuration
>>> information. The service could not be initialized. Make sure that
>>> the operating system was installed properly.
>>>
>>> ...The last error happens 3 times total about 5 seconds apart.
>>>
>>> I've tried several "DependOnService" entries but it always seems to
>>> cause another error. I've loaded the system enough to know I'm
>>> making
>>> the same mistake every time. When the server comes up and fails, I
>>> am
>>> able to start the services then.
>>>
>>> Is there anyway to just make a service wait a while before it tries
>>> to
>>> start?
>>>
>>> On another note, last night I tried to do a windows update and I
>>> selected all the critical updates except the IE 6 because it "had to
>>> be done seperately". The server locked down. Is there anything
>>> 'special' I should know about Windows Update?
>>>
>>> When posting this message to the newsgroups it told me that the page
>>> couldn't be found. Could ISA be blocking the /post page of google?
>>>
>>> Thanks in advance!
>>>
>>>
>>> "Chad A Gross [SBS-MVP]" <chad.gross@laytonflower.nospam.com> wrote
>>> in message news:<#zcLuTFIEHA.2064@TK2MSFTNGP10.phx.gbl>...
>>>> MS VPN uses PPTP (Point-to-Point Tunnelling Protocol), which
>>>> communicates
>>>> using port 1723. You will need to ensure that any routers between
>>>> your
>>>> server and the remote VPN client allow for GRE packets to be
>>>> passed.
>>>> This
>>>> is usually listed as VPN pass-thru on most routers - on some higher
>>>> end
>>>> routers (Cisco's, Netopia's, etc) you will most likely need to
>>>> enter
>>>> a
>>>> routing rule to allow for GRE (protocol 47) packets . . .
>>>>
>>>> You can test PPTP VPN functionality using the pptpsvr & pptpclnt
>>>> utilities
>>>> found in pptpping from the Windows Resource Kit. You can download
>>>> pptpping.zip from Wayne's site:
http://www.sbsfaq.com/Files/
>>>>
>>>> --
>>>> Chad A. Gross [SBS-MVP]
>>>>
>>>> SBS ROCKS!!!
>>>>
>>>> "rcunningham8820" <rcunningham8820@yahoo.com> wrote in message
>>>> news:2de05d67.0404112157.338e6516@posting.google.com...
>>>>> Thank you for your quick reply. I'm going to reinstall and do
>>>>> what
>>>>> you said maybe I can get it right this time.
>>>>>
>>>>> Later, I'll have a remote office with a W2K Pro workstation
>>>>> connected
>>>>> to broadband. I'll want them to be a VPN client connected to this
>>>>> main office. Does the MS VPN solution require anything special
>>>>> with
>>>>> regards to the ISP or router equipment? I've seen VPN passthrough
>>>>> options on routers so I'll bet I've got to do something there.
>>>>> Are
>>>>> there any online tools to test VPN capabilities or will I just
>>>>> have
>>>>> to
>>>>> wait until the server is in place?
>>>>>
>>>>> Thanks again!
>>>>>
>>>>> "Chad A Gross [SBS-MVP]" <chad.gross@laytonflower.nospam.com>
>>>>> wrote
>>>>> in
>> message news:<#3llVkDIEHA.2676@TK2MSFTNGP10.phx.gbl>...
>>>>>> First - I'll say right away that I don't like the idea of
>>>>>> multi-homing
>> each
>>>>>> WS. That is just going to cause undo headaches. I personally
>>>>>> prefer
>> using
>>>>>> a multi-homed SBS, with the Netgear router between the external
>>>>>> nic on
>> the
>>>>>> SBS & internet connection.
>>>>>>
>>>>>>
http://www.smallbizserver.net/DesktopDefault.aspx?tabid=52
>>>>>>
>>>>>> Alternatively, if you don't want to use ISA (although I recommend
>>>>>> using
>> it),
>>>>>> you can just attach your SBS to your existing network without
>> multi-homing.
>>>>>> Just be sure to disable DHCP on the router and change it's IP to
>>>>>> 192.168.16.1 (default IP for an SBS2k is 192.168.16.2). Then,
>>>>>> you'll
>> just
>>>>>> need to change the router option in the DHCP scope on your SBS to
>>>>>> point
>> to
>>>>>> the router's IP . . . Either way, you life will be much easier
>>>>>> in the
>> long
>>>>>> run if you don't multi-home the workstations and let the SBS
>>>>>> handle
>> DHCP,
>>>>>> DNS, etc.
>>>>>>
>>>>>> As for setting us SBS itself, use the wizards - they are the
>>>>>> quickest
>> and
>>>>>> easiest way to ensure a proper configuration. If the SBS has
>>>>>> more
>>>>>> than
>> one
>>>>>> nic, you'll need to manually set the binding order of the nics
>>>>>> (LAN nic
>>>>>> should be listed first). Once you've completed the installation,
>> complete
>>>>>> the items in the To Do List in order, and you'll be good to go.
>>>>>> Make
>> sure
>>>>>> that all clients are pointing to your SBS (and *only* the SBS)
>>>>>> for
>>>>>> DNS.
>>>>>>
>>>>>> As for ISA - check out
>>>>>>
http://www.smallbizserver.net/DesktopDefault.aspx?tabid=91
>>>>>>
>>>>>> --
>>>>>> Chad A. Gross [SBS-MVP]
>>>>>>
>>>>>> SBS ROCKS!!!
>>>>>>
>>>>>> "rcunningham8820" <rcunningham8820@yahoo.com> wrote in message
>>>>>> news:2de05d67.0404111821.4dd71191@posting.google.com...
>>>>>>> I've been thrust into a situation where I have to setup a
>>>>>>> smallbiz2000
>>>>>>> server, with little time and no training. Please tell me if
>>>>>>> there are
>>>>>>> any errors in my thought or any potiential long term planning
>>>>>>> issues
>>>>>>> with the say I plan on doing this? TIA, here is my proposed
>>>>>>> configuration:
>>>>>>>
>>>>>>> Existing is 13 Windows 2000 Professional workstations (with MS
>>>>>>> Office
>>>>>>> XP Pro and Outlook) configured to the Internet through a
>>>>>>> broadband
>>>>>>> gateway (NetGear or something like it) who's ip is 192.168.1.1
>>>>>>> and all
>>>>>>> the clients are DHCP.
>>>>>>>
>>>>>>> I've had numerous troubles with installing smallbiz2000.
>>>>>>> Configuring
>>>>>>> ISA was the straw that broke my back, so I thought my easiest
>>>>>>> solution
>>>>>>> was a multihomed network configuration. Each workstation's NIC
>>>>>>> will
>>>>>>> be configured with two ip addresses one on the gateway's subnet
>>>>>>> and
>>>>>>> one for the subnet that the server is on. I'll configure the
>>>>>>> server
>>>>>>> with an ip 10.0.0.100 (I'm using 10.0.0.100 only because on the
>>>>>>> 192.168.1.x network it is .100 also)
>>>>>>>
>>>>>>> The smallbiz2000 server will be Active Directory enabled,
>>>>>>> running
>>>>>>> Exchange Server (full schedule, task, contact sharing, etc.) and
>>>>>>> Network fax and file sharing.
>>>>>>>
>>>>>>> I've set this configuration up on a lab setting and everything
>>>>>>> seems
>>>>>>> to work fine. I'm concerned with two issues down the line.
>>>>>>> First
>>>>>>> question/issue, we're going to want VPN so can I add say a
>>>>>>> linksys
>>>>>>> BEFVP41 at this location and one at a remote location with a W2K
>>>>>>> Pro
>>>>>>> workstation without any issues? The other question/issue is if
>>>>>>> the
>>>>>>> workstations will reliably be able to see the server for Active
>>>>>>> Directory issues. Is this config ok? Any help is greatly
>>>>>>> appreciated!